Cybersecurity and Threat Protection: MSSPs, Get Your Advice Here
In this final installment in our series, vendors share their remaining pieces of insight.
![Threats Threats](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt6933d219b6222f9c/652439bf6f7cac04ba0e37db/Threats.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Jon Peppler is vice president of worldwide channels for Bitglass (Bitglass approaches threat prevention from the perspective of secure access service edge. The company uses policy-driven remediation to prevent data leakage or the entrance of malware).
Now, recall Peppler’s observation in the previous gallery about moving away from inertia. He recommended channel partners try to escape the trap of selling what they’ve always sold. With that in mind, here are the additional tips he offered to achieve that:
“Understand the customer’s environment. Understand what secure access service edge (SASE) offers the customers in consistent security across applications and devices. … Understand the need for consolidated ease of management, which is a benefit of SASE. … Look to the promises of SASE and ask yourself if the solutions you represent deliver on those promises. Does the solution have consistency across the web, cloud and on premises? Does the solution have one centralized console for your SASE security? Does your solution truly integrate cloud security with network security?”
David Nuti serves as head of channel and alliances for North America at Open Systems (Open Systems offers managed detection and response as well as SASE. Thus, its threat protection resides on endpoints, alongside remote users and sites, and on clouds and cloud applications).
In the last slideshow, Nuti noted that MSSPs may lack the full toolbox for protecting customers. That includes technologies, services and infrastructure. He suggested gaining full visibility and capabilities. To do that, he suggested the following:
“Work with a global security service provider that offers a … security stack covering all aspects of the network, including the edges, remote users and clouds. Examine the provider’s service offering and partner program to see if it aligns with your business goals. … Understand that threat protection requires 24x7x365 monitoring and expert support. … A channel partner can use part of a provider’s threat protection service to augment its own service. Cyberthreats are becoming more complex, dangerous and are continually evolving. As a result, there is a great deal at stake for customers. Teamwork is the best approach to ensure that businesses remain protected.”
Kurt Mueffelmann works as global chief operating officer and U.S. president at Nucleus Cyber (this vendor focuses on insider threats by evaluating data and user attributes to authorize access to content and what users can do with it). Previously, he cautioned against one-size-fits-all approaches to cybersecurity. His top tip? Eliminate single points of failure. But he offered more insight, and here it is:
“Update your access management playbook. The traditional go-to approach for security pre-assigns individual access rights for each user or group for each application, file, field, chat, etc. This is like pre-assigning every play, for every player, for an entire football season – before the season starts. The complexity and number of combinations that must be decided in advance render the approach prone to issues. Attribute-based access control significantly improves the pitfalls of a traditional security approach. It controls access by comparing attributes of a user’s connection and security context against a file’s classification attributes. It results in a far smaller set of security policies that cater for a much wider set of permutations.”
Also, he said, bring zero-trust to every user and file.
“Zero-trust has become the emerging standard for network security, but it also needs to extend to the application – and more importantly to the file level. Security should provide the minimum amount of access, for the minimum amount of time to a file, while still enabling the user to do their job.”
Tina Gravel is senior vice president of channels and alliances for Appgate (the vendor treats threat protection from the premise that everyone and everything on the network poses a threat and cannot be trusted until it has been verified). Last time, she zeroed in on the topic of zero-trust.
“The marketplace is exceptionally noisy right now,” she pointed out. MSSPs must sift through all the noise to “really distinguish themselves,” she said.
With that in mind, here is her additional advice for determining the most legitimate zero-trust approaches for your customers:
“Don’t be afraid to challenge a vendor’s claims; ask questions and ask them to not just explain what differentiates their solution but show you via real-world use cases and end-user case studies, and demonstrate their solutions. Ensure your sales team can speak in benefit-oriented language that directly addresses a customer’s core pain points and guarantee that they also can clearly articulate the value of a solution using well-understood business metrics. … You can always start small with zero-trust and SASE, and there is perhaps no easier place to begin than by phasing out antiquated VPNs. By buttoning up who and what gets access to the company jewels, you can effectively eliminate a significant percentage of the most pervasive external threats.”
Marcus Conroy works as vice president of sales VMRay (VMRay provides automated malware analysis and detection platforms to protect applications and data). In the previous installment in this series, he referred to “familiar challenges” MSSPs face when selling threat protection. Many of these surround budgeting and technology fears. He recommended educating internal teams. Here are his other pointers:
“Security is a broad practice and you can ’t be an expert at everything, so figure out areas where you excel and focus on building out those core areas of competence. Leverage industry use-case examples that build a business case demonstrating that reinforcing your security posture with new automated technologies can, in fact, streamline operations, reduce manual errors and improve the user experience. And of course, always remember and never forget: Customers want solutions, not products.”
Bill Dantz acts as director of channels at Clumio (Clumio offers data protection for public and private clouds, and SaaS). Last time around, he said MSSPs will probably have a hard time convincing customers to move away from traditional data protection and into the cloud. Check out his solutions to that problem. And in this installment, catch his final words of advice.
“It is important that channel partners themselves have a vision on how they will help their clients transition to the cloud. If their vision is not well-defined, then finding an appropriate data protection solution will be extremely difficult since they will often fall back to traditional approaches.”
Faraz Siraj serves as vice president of channel sales at Code42 (Code42 addresses insider risks and threats from a positive-intent perspective). Like Dantz, he said MSSPs will face hesitation over shifting from conventional data loss protection. He emphasized getting to know the product in question to better be able to speak with clients. Here are his additional thoughts:
“Educate the customer. Share data on the changing threat landscape and where insider risk management plays within that. As security teams continue to adapt to our new ways of doing work, it’s incredibly important to be able to show how a new solution is relevant to the issues that challenge them today.”
Also, he said, interoperability is vital.
“No company has just one security solution. In fact, most enterprises have more than 70 security solutions. But with the current collaboration culture and vast amount of intellectual property and information sharing every day, we need to have a smooth, always-on approach to insider risk. So in other words, insider risk management must integrate with the rest of the security tool stack.”
Jabari Norton is vice president of worldwide partners at alliances at Sumo Logic (the vendor views threat protection through a security information and event management lens; it focuses on early detection and response, and user training for spotting phishing attempts and social engineering). He predicted partners will come up against a lot of cost pressure as they try to ensure cybersecurity. The answer, he said, lies in implementing cloud and SaaS platforms. But there’s a little more, he noted.
“I also recommend looking into automation-based technologies that allow clients to save money and time without sacrificing security.”
Jim Lippie acts as CEO of SaaS Alerts (SaaS Alerts’ platform monitors SaaS applications and alerts MSPs to unusual user behavior on Office 365, Google Workspace, Dropbox and more). In the last slideshow, he said MSSPs have grown weary of all the cybersecurity tools available to them. Part of that fatigue comes from trying to determine packaging, pricing and positioning, he said. Fixing the problem calls for creating a matrix filled with the potential threats customers could face. Here are his final two pieces of advice:
“Conduct a gap analysis around what they currently cover and what they need to cover for their customers. Work with a product marketing expert to properly package, price and position. It will be well worth the investment.”
Corey Munson is vice president of sales and marketing for PC Matic (PC Matic delivers threat protection through zero-trust endpoint security). Munson, too, said that organizations are afraid of the rising expense of cybersecurity. This represents a big challenge for MSSPs. One way to address it? Partners need to do better at illustrating the changing threat landscape, he said in the previous installment in this series.
“Costs are increasing because the threats are more serious,” he said.
Here’s another aspect where partners can specialize, bringing more value and expertise to customers:
“Requirements for cybersecurity insurance are becoming more stringent. Clients will need partner guidance to qualify.”
Corey Munson is vice president of sales and marketing for PC Matic (PC Matic delivers threat protection through zero-trust endpoint security). Munson, too, said that organizations are afraid of the rising expense of cybersecurity. This represents a big challenge for MSSPs. One way to address it? Partners need to do better at illustrating the changing threat landscape, he said in the previous installment in this series.
“Costs are increasing because the threats are more serious,” he said.
Here’s another aspect where partners can specialize, bringing more value and expertise to customers:
“Requirements for cybersecurity insurance are becoming more stringent. Clients will need partner guidance to qualify.”
Over the past four months, Channel Futures has explored various, pressing aspects of cybersecurity and threat protection managed security service providers need to understand now. The previous installments dive into the following areas:
The whole topic arose as threat protection vendors announced a slew of new platforms at the beginning of 2021. The timing, of course, made sense. The SolarWinds debacle had come to light. Other cybersecurity attacks were underway (and continue). Yet, instead of writing about each solution rolled out by providers, Channel Futures sought to gain deeper understanding from channel chiefs and CEOs. This series has aimed to educate MSSPs in a different way, and perhaps provide them with new approaches to consider.
In the fifth installment, we asked vendors what cybersecurity challenges channel partners should expect to face as they work on threat protection for customers. We fielded a range of answers. This final slideshow (above) in the series, expounds on the advice vendors gave.
However, there are so many nooks and crannies to cybersecurity that we have surely not covered the entire gamut, even over an in-depth series. So, expect more slideshows over the coming months. If there is a particular subject you’d like to see us to talk about with vendors, send the author an email.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Kelly Teal or connect with her on LinkedIn. |
Read more about:
MSPsAbout the Author(s)
You May Also Like